|
|
|
|
|
|
by antocv
2425 days ago
|
|
|
Of course the site has its normal login/password, for example nextcloud has authentication. But you see, for what we are discussing here, you could have exploited it even without authenticating, and especially it would have been easier for scanners to find it and exploit, if it was on its own domain. Defense in depth. For some services, yes I do basic http auth, besides their own shitty auth. |
|
|